PT-2024-3459 · Linux+5 · Linux Kernel+5

Duoming Zhou

+1

·

Published

2024-03-26

·

Updated

2025-02-03

·

CVE-2024-26654

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a use-after-free bug in the ALSA subsystem of the Linux kernel. This bug occurs when the snd pcm substream is closing, and the aica channel is deallocated but can still be dereferenced in the worker thread. The reason for this is that del timer() returns directly, regardless of whether the timer handler is running or not, and the worker could be rescheduled in the timer handler. To mitigate this bug, the mod timer() function should be called conditionally in run spu dma(), and a PCM sync stop operation should be implemented to cancel both the timer and worker.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-362

Related Identifiers

BDU:2024-03747
CVE-2024-26654
DLA-3842-1
DSA-5658-1
DSA-5681-1
MGASA-2024-0141
MGASA-2024-0142
OESA-2024-1496
OESA-2024-1497
OESA-2024-1498
OESA-2024-1499
OESA-2024-1500
OESA-2024-1501
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1490-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1490-1
SUSE-SU-2024:2135-1
SUSE-SU-2024:2203-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-6972-1
USN-6972-2
USN-6972-3
USN-6972-4
USN-6976-1
USN-7019-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu